General
-
Target
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a
-
Size
1.4MB
-
Sample
220201-gplp7aace8
-
MD5
58a4f4d720e37e8068e6ebf835f5e37c
-
SHA1
81b196c4175097a2bc639764e71454986060da66
-
SHA256
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a
-
SHA512
737932aa10d7bdef164441348b21c9b041476ce111ef9ad820c666b03a949589c12baa8fe07ef6db9c0487f8300e765604b27f16abecc04a0a2bb847ca1cc7f6
Static task
static1
Behavioral task
behavioral1
Sample
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a.js
Resource
win10v2004-en-20220112
Malware Config
Extracted
danabot
Targets
Score
10/10
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-